Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/966E1C18CCE911EBAB17776BC4F9AE02.roa
File: 966E1C18CCE911EBAB17776BC4F9AE02.roa (raw, json)
Hash identifier: qGLZaApI8u5+neOVLPQe/zDU6JmFxHqfRuyZ+s9x1ck=
Subject key identifier: 34:0A:FB:16:31:E7:8D:2B:9A:5C:05:13:41:00:3C:DC:4C:04:01:95
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: BCF5
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/966E1C18CCE911EBAB17776BC4F9AE02.roa
Signing time: Wed 04 Jun 2025 11:13:26 +0000
ROA not before: Wed 04 Jun 2025 11:13:26 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 4758
IP address blocks: 43.239.62.0/24 maxlen: 24
45.118.16.0/22 maxlen: 22
45.118.16.0/24 maxlen: 24
45.118.17.0/24 maxlen: 24
45.118.18.0/24 maxlen: 24
45.118.19.0/24 maxlen: 24
45.118.20.0/22 maxlen: 22
45.118.20.0/24 maxlen: 24
45.118.21.0/24 maxlen: 24
45.118.22.0/24 maxlen: 24
45.118.23.0/24 maxlen: 24
45.118.24.0/22 maxlen: 22
45.118.24.0/24 maxlen: 24
45.118.25.0/24 maxlen: 24
45.118.26.0/24 maxlen: 24
45.118.27.0/24 maxlen: 24
45.118.28.0/22 maxlen: 22
45.118.28.0/24 maxlen: 24
45.118.29.0/24 maxlen: 24
45.118.30.0/24 maxlen: 24
45.118.31.0/24 maxlen: 24
103.195.208.0/24 maxlen: 24
103.195.209.0/24 maxlen: 24
103.195.210.0/24 maxlen: 24
103.195.211.0/24 maxlen: 24
103.195.212.0/24 maxlen: 24
103.195.213.0/24 maxlen: 24
103.195.214.0/24 maxlen: 24
103.195.215.0/24 maxlen: 24
103.195.216.0/24 maxlen: 24
103.195.217.0/24 maxlen: 24
103.195.218.0/24 maxlen: 24
103.195.219.0/24 maxlen: 24
137.59.128.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 13 Jun 2025 15:42:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 48373 (0xbcf5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2, serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Validity
Not Before: Jun 4 11:13:26 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=68402a56-1f79
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:01:a2:29:9d:a9:63:fa:42:45:d5:28:41:48:
42:98:fb:62:09:e4:f4:05:81:7e:c5:2a:0d:89:59:
01:36:2f:dd:80:fc:e8:de:53:fb:c8:e9:8e:0f:85:
2c:6b:23:9f:d7:18:9c:b7:37:df:af:fe:c0:35:49:
37:7d:3d:a1:8a:de:af:88:35:fe:36:97:9f:4d:08:
f0:ef:0d:f8:8b:f8:70:bb:f3:23:6d:56:81:a0:4c:
3c:04:91:68:c0:7b:65:20:03:94:73:46:c6:29:44:
c6:a0:17:b6:5e:a1:c0:d3:eb:58:2b:aa:2b:57:f8:
8a:c8:03:37:d8:78:7f:70:fe:db:67:c6:6d:d2:22:
66:af:60:84:c6:07:50:b7:26:bf:64:e4:90:27:ed:
45:33:f2:b9:7c:6a:ea:f8:80:9f:c7:8c:0f:01:59:
ce:90:18:16:fa:27:65:16:1d:5c:71:d6:24:96:4b:
72:fb:67:03:8c:e8:1f:cf:50:75:2f:8e:97:14:4c:
35:a6:8c:ed:e3:92:b9:be:bd:bc:7b:22:e2:9d:46:
b0:3d:67:25:14:20:49:e3:f7:75:3a:41:98:60:56:
55:e7:a9:3b:63:22:17:53:bd:33:21:0d:ec:64:9f:
fc:aa:a0:f5:33:57:0a:52:94:2f:cb:2e:ca:96:1f:
a9:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:0A:FB:16:31:E7:8D:2B:9A:5C:05:13:41:00:3C:DC:4C:04:01:95
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/966E1C18CCE911EBAB17776BC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.62.0/24
45.118.16.0/20
103.195.208.0-103.195.219.255
137.59.128.0/22
Signature Algorithm: sha256WithRSAEncryption
83:6c:a9:8f:5d:3c:57:f3:3e:12:2b:7c:90:f2:57:25:bb:70:
ed:e7:58:79:59:8d:34:8f:54:20:de:e9:a0:b2:ae:07:14:06:
0f:68:8a:2d:86:90:f1:55:95:09:32:86:a3:16:e8:ba:89:ca:
18:c4:27:0e:b0:7e:c6:34:b2:63:2e:4a:51:bd:9f:8f:2b:29:
b5:b7:55:4d:96:99:58:ee:06:a9:9c:93:03:17:1b:ba:02:01:
43:ad:5d:c2:4c:da:95:80:e4:e3:b2:35:5e:5a:4d:35:4e:40:
13:db:80:72:4f:c6:dc:7e:d5:fb:89:88:84:65:3c:17:99:53:
bd:7a:8c:9b:06:ef:37:01:c1:5b:ca:7d:df:6f:5e:46:91:11:
b7:5d:6e:eb:5f:b5:62:b3:e2:6a:25:38:38:71:93:05:06:86:
45:cf:41:c5:ee:44:ce:eb:09:6f:68:38:76:31:d7:e1:ba:dd:
3a:5f:b4:6e:e0:56:1b:13:fe:03:85:8c:c4:4c:80:9f:47:b5:
5a:10:b5:50:10:f5:39:97:5d:8c:ed:57:8e:f8:d9:16:49:ee:
ca:87:8c:96:29:73:12:21:f1:40:4c:a9:29:30:40:46:b7:a5:
30:34:ca:e6:8c:58:72:eb:43:1b:85:56:86:2e:4b:c5:1c:9f:
0d:f9:e6:21
-----BEGIN CERTIFICATE-----
MIIFjDCCBHSgAwIBAgIDALz1MA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI1MDYwNDExMTMyNloXDTI2MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjg0MDJhNTYtMWY3OTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALsBoimdqWP6QkXVKEFIQpj7Ygnk9AWBfsUqDYlZATYv3YD86N5T+8jpjg+F
LGsjn9cYnLc336/+wDVJN309oYrer4g1/jaXn00I8O8N+Iv4cLvzI21WgaBMPASR
aMB7ZSADlHNGxilExqAXtl6hwNPrWCuqK1f4isgDN9h4f3D+22fGbdIiZq9ghMYH
ULcmv2TkkCftRTPyuXxq6viAn8eMDwFZzpAYFvonZRYdXHHWJJZLcvtnA4zoH89Q
dS+OlxRMNaaM7eOSub69vHsi4p1GsD1nJRQgSeP3dTpBmGBWVeepO2MiF1O9MyEN
7GSf/Kqg9TNXClKUL8suypYfqeUCAwEAAaOCAq8wggKrMB0GA1UdDgQWBBQ0CvsW
MeeNK5pcBRNBADzcTAQBlTAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwLzk2NkUxQzE4
Q0NFOTExRUJBQjE3Nzc2QkM0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMDkGCCsGAQUFBwEHAQH/
BCowKDAmBAIAATAgAwQAK+8+AwQELXYQMAwDBARnw9ADBAJnw9gDBAKJO4AwDQYJ
KoZIhvcNAQELBQADggEBAINsqY9dPFfzPhIrfJDyVyW7cO3nWHlZjTSPVCDe6aCy
rgcUBg9oii2GkPFVlQkyhqMW6LqJyhjEJw6wfsY0smMuSlG9n48rKbW3VU2WmVju
BqmckwMXG7oCAUOtXcJM2pWA5OOyNV5aTTVOQBPbgHJPxtx+1fuJiIRlPBeZU716
jJsG7zcBwVvKfd9vXkaREbddbutftWKz4molODhxkwUGhkXPQcXuRM7rCW9oOHYx
1+G63TpftG7gVhsT/gOFjMRMgJ9HtVoQtVAQ9TmXXYztV4742RZJ7sqHjJYpcxIh
8UBMqSkwQEa3pTA0yuaMWHLrQxuFVoYuS8Ucnw355iE=
-----END CERTIFICATE-----
Generated at Sat Jun 7 06:49:42 2025 by rpki-client